Warning on Firewire Insecurity

It is already being wildly reported elsewhere but Firewire (IEEE1394) ports on computers are a potential security risk.

The insecurity has been known about for many years, but with the recent publicity about the Disk Encryption ram hack Adam Boileau has decided to release his tool, which he claims to have sat on for two years waiting for a response from Microsoft.

The insecurity is because the specification of the protocol allows devices on a FireWire bus to communicate by direct memory access (DMA), where a device can use hardware to map internal memory to FireWire's "Physical Memory Space". The SBP-2 (Serial Bus Protocol 2) used by FireWire disk drives uses this capability to minimize interrupts and buffer copies. In SBP-2, the initiator (controlling device) sends a request by remotely writing a command into a specified area of the target's FireWire address space. This command usually includes buffer addresses in the initiator's FireWire "Physical Address Space", which the target is supposed to use for moving I/O data to and from the initiator.

On many implementations, particularly those like PCs and Macs using the popular OHCI, the mapping between the FireWire "Physical Memory Space" and device physical memory is done in hardware, without operating system intervention. While this enables high-speed and low-latency communication between data sources and sinks without unnecessary copying (such as between a video camera and a software video recording application, or between a disk drive and the application buffers), this can also be a security risk if untrustworthy devices are attached to the bus.

Adam Boileau released a Linux Firewire utility that will give you immediate Administrator to an XP machine:

It's two years later, and I think anyone who was going to get the message about Firewire has already got it, and anyone who was going to be upset about it has got over it. Besides, according to Microsoft's definition, it never was a Security Vulnerability anyway - screensavers and login prompts are - as Bruce says - about the Feeling of Security. Anyway, today's release day for Winlockpwn, the tool I demoed at Ruxcon for bypassing windows auth, or popping an admin shell at the login window....

• Yes, you can read and write main memory over firewire on windows.
• Yes, this means you can completely own any box who's firewire port you can plug into in seconds.
• Yes, it requires physical access. People with physical access win in lots of ways. Sure, this is fast and easy, but it's just one of many.
• Yes, it's a FEATURE, not a bug. It's the Fire in Firewire. Yes, I know this, Microsoft know this. The OHCI-1394 specification knows this. People with firewire ports generally don't.
  

Adam's tools include a few Python apps that can copy and impersonate Firewire device signatures, dump RAM on a remote machine, bypass Windows authentication, and extract BIOS passwords. It's not exactly comforting, but I've got a new appreciation for Firewire now. This is the sort of access that used to only be possible by creating hardware that physically connects to the PCI bus. Now all you need is a cable and a laptop.

Chip and Pin Vulnerabilities

BBC Newsnight last night had a report on the vulnerability of Chip and Pin to fraud. The video segment is currently available on Google Video.

A number of academics at the University of Cambridge have published a report online describing the weaknesses. Steven Murdoch and Saar Drimer, have found a number of ways that the criminally-minded could modify PED devices and extract your account number and PIN and all the details needed to create a cloned card. The full pdf is available here

The vulnerabilities they describe have actually been known for a while, and the responses from the various banking authorities and card companies acknowledge this. The attacks are possible because the UK banking industry chose to deploy Chip & PIN cards with the smart chips in a mode that does not encrypt the data exchanged between the card and the PED during a transaction. By tapping these communications, fraudsters can obtain the PIN and create a magnetic strip version of the card to make ATM withdrawals in the UK and abroad.

Newsnight presenter Jeremy Paxman was on top form literally taking apart the APACS Director of Communications Sandra Quinn as she arrogantly and naively claimed the system was completely safe while at the same time accepting the frauds were possible.

Cold Boot attacks on disk encryption

The Centre for Information Technology Policy at Princeton University has released research which shows a potential way of breaking encryption systems by reading DRAM contents even after power has been removed.

The Abstract reads

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.

Their website contains a video demonstration of the technique as well as a link to the full research document (pdf)

Obviously this isn't limited just to breaking disk encryptions as all manner of information could be held in RAM at any one time. DRAM is composed of capacitors that need to keep being refreshed dynamically while being used it is this capacitance that is being exploited in this hack.

From the Freedom To Tinker Blog